home / OpenBSD lite
This page describes a 'lite' OpenBSD desktop with graphical applications. I used a Thinkpad X60 with 2Gb RAM and a 60Gb SSD.
Note Oct 30th 2020: I used sysupgrade
and pkg_add -u to upgrade from OpenBSD 6.7 to OpenBSD 6.8 on this old Thinkpad. Seems OK.
I have linked to the OpenBSD FAQ and the man pages for commands
throughout this page. Don't forget to skim man
afterboot, and man hier
will be helpful if you plan on editing the partition layout instead of
accepting the installer's [A]utomatic suggestion.
fvwmfw_updatesyspatchpkg_add to install applicationsdoas.conf to allow user to power off the computerapmd and use a script to restart WiFi on resumexlockdoas.conf to allow user mounting of external storagefvwm to look normal(ish!)jwm.Xresources file to customise xterm and other applications/etc/hosts to block unwanted Web addresses/etc/daily, /etc/weekly and /etc/monthly scripts and locatetexlive-minimal from packagesSee OpenBSD FAQ - Installation Guide especially the Pre-installation Checklist
OpenBSD has one of the easiest installers I've ever used. It just asks a series of questions with sensible defaults in brackets and takes a couple of minutes to install the base system including X Windows.
The rest of this page assumes that the graphical login called xenodm
was enabled. If it wasn't xenodm can be enabled using the rcctl
command as root...
foo# rcctl enable xenodm
foo# reboot
Rebooting into xenodm and logging in reveals the OpenBSD default window
manager called fvwm...
fvwm
There should be a single xterm window in the top left of the screen.
The font might be really small. Ctrl-Right Mouse Click over the window
and select 'Huge' from the VT Fonts menu that appears. The xterm
window will get larger and the text more readable.
Silence the bell for the session...
foo$ xset b off
If you need to switch off the computer part way through configuration
use shutdown as root to close the computer down cleanly...
foo# shutdown -ph now
If the fvwm window manager is too annoying, Ctrl-F2 for a console
log-in and enter the commands below there. Ctrl-F5 to return to the X
Window session.
/etc/X11/xenodm/Xsetup_0 to make options
permanentEdit (as root) the /etc/X11/xenodm/Xsetup_0 file to
xconsole starting and to silence the bell and set a
background colour for the xenodm login screen in place of
the default check pattern. My Xsetup_0 file looks like
this...
foo$ cat /etc/X11/xenodm/Xsetup_0 #!/bin/sh # $OpenBSD: Xsetup_0,v 1.6 2019/06/29 13:33:06 espie Exp $ #xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail xset b off xset b 0 0 0 xsetroot -solid WebMaroon # install package openbsd-backgrounds # then uncomment: # # if test -x /usr/local/bin/openbsd-wallpaper # then # /usr/local/bin/openbsd-wallpaper # fi # sxpm OpenBSD.xpm &
I have just commented out the xconsole line and added
commands to silence the bell and set a named colour for the log-in
screen. OpenBSD base provides the vi
and mg editors. I tend to wait until I have
nano installed before editing configuration files...
Fun fact: OpenBSD base comes with xwd that can take a
screen shot of the screen and xwud that can display the
resulting file. GIMP can load xwd files. Try...
foo$ sleep 10 && xwd -root > screenie.xwd
foo$ xwud -scale -in screenie.xwd
fw_updateSkim the OpenBSD FAQ - Networking, especially the Wireless Networking section.
For a wired connection, type the following as root...
foo# ifconfig em0 up
foo# dhclient em0
...where em0 is the interface for the network card. The dhclient
should print a message with details of the lease.
fw_updateSee man fw_update and
possibly the firmware download
site.
OpenBSD make available some firmware packages which, for licencing reasons, they are not able to distribute in the installer image. As root type...
foo# fw_update
If a wired connection is not available and the WiFi card itself
requires firmware then the relevant package can be
downloaded on another
computer and copied to the target machine. Use fw_update -p command
with the path to firmware package to install the firmware.
Use ifconfig without arguments to find a list of the interfaces on the
computer. My computer has the WiFi interface urtw0.
I use a hostname.if file to connect to known WiFi networks...
foo$ cat /etc/hostname.urtw0
join MyHomeNetwork wpakey PassWord
dhcp
OpenBSD comes with vi or mg as terminal editors. The echo command
can be easier for creating short files, as root...
foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.urtw0
foo# echo "dhcp" >> /etc/hostname.urtw0
Then restart the network...
foo# sh /etc/netstart
Check you have a functioning connection using ping...
foo# ping -c 3 openbsd.org
syspatchSee man syspatch and the OpenBSD 6.7 Errata page
Run the syspatch command as root without arguments...
foo# syspatch
Get/Verify syspatch67-001_wscons.tgz 100% |*************| 113 KB 00:00
Installing patch 001_wscons
Get/Verify syspatch67-002_rpki.tgz 100% |***************| 36470 00:00
Installing patch 002_rpki
.... more lines ....
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch
...and as suggested, reboot into the new kernel...
foo# reboot
pkg_add to install applicationsThe OpenBSD FAQ - Package management page provides a clear overview. A content distribution network address for OpenBSD mirrors is set during installation...
foo$ cat /etc/installurl
https://cdn.openbsd.org/pub/OpenBSD
Type the name of the package as an argument to pkg_add to install the
package and all its dependencies. As an example, I usually install the
nano editor as I find it easier to use than vi or mg...
foo# pkg_add nano
quirks-3.124 signed on 2019-04-15T12:10:16Z # example from 6.5
quirks-3.124: ok
nano-4.0:libiconv-1.14p3: ok
nano-4.0:gettext-0.19.8.1p3: ok
nano-4.0: ok
Application choice is quite personal but most people will need an up to date Web browser. Firefox and Chromium are both available in packages, I tend towards Firefox.
Larger and more complex packages will provide pkg-readmes located at /usr/local/share/doc/pkg-readmes/. Reading these will save time and mystification as features change. As an example of what I mean have a look at the pkg-readme for Firefox...
foo$ less /usr/local/share/doc/pkg-readmes/firefox
The section on pledge(2) and unveil(2) Support illustrates a feature
of OpenBSD. The Chromium package in OpenBSD has also been compiled with
pledge/unveil support.
Occasionally, there is a connection glitch and a package will not be
correctly downloaded. pkg_add will mark such packages with the prefix
partial-. I find that repeating the pkg_add command a bit later
clears those up.
doas.conf to allow user to power off the computerSee man doas, man doas.conf and Ted Unangst's doas
mastery.
The doas command is the OpenBSD replacement for sudo. Adding the
following lines to the /etc/doas.conf file will allow the user to
power off and reboot the computer...
permit nopass keith as root cmd reboot
permit nopass keith as root cmd shutdown
...to run the reboot command as a user you type...
foo$ doas reboot
...at a terminal prompt. The command doas reboot can also be used in
the Window Manager menus &c.
apmd and use a script to restart WiFi on resumeSee man apmd.
Just type...
foo# rcctl enable apmd
foo# rcctl set apmd flags -A
foo# rcctl start apmd
...the /etc/rc.conf.local file now looks like this...
foo$ cat /etc/rc.conf.local
apmd_flags=-A
xenodm_flags=
Type zzz at a terminal prompt to check suspend to RAM. When the laptop
resumes, try ping google.com in the terminal to see if the WiFi
restarts automatically.
I need to restart networking on resume because of the USB WiFi adaptor,
so I use the following three line script in /etc/apm/resume...
foo$ cat /etc/apm/resume
#!/bin/sh
sleep 10 # Gives time for the USB WiFi adaptor to settle
sh /etc/netstart
Use mkdir /etc/apm as root to create the directory. Because
/etc/apm/resume is a script use chmod +x /etc/apm/resume to mark the file as executable.
xlockSee man xenodm especially the example user .xsession files in the Session Program section. The key fact to keep in mind is that
xenodm runs as the user who logged in not as root.
Create a .xsession file in the home directory. For now specify fvwm
as the window manager. Mine looks like this...
foo$ cat .xsession
xidle -program "/usr/X11R6/bin/xlock -mode blank -lockdelay 10 -timeelapsed" \
-timeout 600 &
exec fvwm
The xidle line comes straight from the xidle man page with minor
alterations. See man xlock for the options to the command in
quotes. The '&' character at the end of the line runs xidle in the
background. The exec fvwm line runs fvwm which we want in the
foreground hence no '&'.
To lock the screen when suspending to RAM, a script is needed in
/etc/apm/suspend. I copied mine from a blog post by Daniel
Jakots...
foo$ cat /etc/apm/suspend
#!/bin/sh
doas -u keith env DISPLAY=:0 XAUTHORITY=/home/keith/.Xauthority xlock &
The doas line is needed to allow root to run a command as user. Two
lines are needed in /etc/doas.conf, one for the env command and one
for xlock...
permit nopass root as keith cmd xlock
permit nopass root as keith cmd env
At present, if the laptop is suspended while the screen is locked two
instances of the xlock program are running on resume, so the password
has to be typed in twice. I'm experimenting with a conditional
statement in /etc/apm/suspend to check if xlock is already running.
doas.conf to allow user mounting of external storageSee OpenBSD FAQ - Disk Setup / Disks and Partitions for background,
especially the numbering of disks which follows a different convention
to Linux. Skim the man pages for mount, umount, fstab and when
installed ntfs-3g for background.
I need to be able to read and write to an NTFS formatted external hard
drive, so I install the ntfs_3g package which provides the ntfs-3g
command. I also need to read and write to VFAT formatted USB drives. The
following lines added to /etc/doas.conf allow the user to mount and
unmount drives...
permit nopass keith as root cmd mount
permit nopass keith as root cmd umount
permit nopass keith as root cmd ntfs-3g
Mounting a USB stick to ~/usb as user looks like this...
foo$ mkdir ~/usb
foo$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
foo$ doas mount /dev/sd1i ~/usb
foo$ ls ~/usb
music
planner.pdf
With this VFAT formatted USB stick plugged in, I can mount my NTFS
formatted backup drive to ~/backup like this...
foo$ mkdir ~/backup
foo$ dmesg | grep sd2
sd2 at scsibus5 targ 1 lun 0: <WD, Elements 10B8, 1012> serial. numbers
foo$ ls ~/backup
foo$ doas ntfs-3g /dev/sd2i ~/backup
foo$ ls ~/backup
Music System Volume Information
Pix X220
Below are the commands for unmounting both drives...
foo$ doas umount ~/usb
foo$ doas umount ~/backup
foo$ ls usb
foo$ ls backup
For some reason, ntfs-3g gives an error message if you try to unmount
from /dev/sd2i, so I just unmount from the target directories on my
home drive for both commands.
Notice how the man ntfs-3g page uses Linux disk numbering. One example
of the difference between OpenBSD base documentation and that for
third-party packages.
fvwm to look normal(ish!)See man fvwm, good reading for rainy days or long commutes. The
version in OpenBSD base is very old so be careful of Web searches.
The behaviour of fvwm is
defined by a .fvwmrc file. Copy
/usr/X11R6/lib/X11/fvwm/.fvwmrc to `~/.jwmrc` and change
permissions to alter the styles and actions in the copy, see
below...
foo$ cp /usr/X11R6/lib/X11/fvwm/.fvwmrc .fvwmrc
foo$ ls -la
-r--r--r-- 1 keith keith 18178 Jun 22 21:24 .fvwmrc
foo$ chmod 644 .fvwmrc
foo$ ls -la
-rw-r--r-- 1 keith keith 18178 Jun 22 21:24 .fvwmrc
fvwm must be restarted to see the effect of changes to
.fvwmrc. from inside a session. The Restart command is
provided in the left click menu in the default configuration.
There are many .fvwmrc files to be found on the
Web. My current work in progress .fvwmrc file is loosely based on one
that Ingo
Schwarze posted to the openbsd-misc mailing list some years ago.
I've added back some of the bloat he stripped out, I like my Alt-Tab
cycling through windows and I like the ability to move and focus a
window by clicking on the titlebar.
jwmSee the JWM home page for detailed configuration information. man
jwm defines the syntax of the configuration file but lacks the
detailed examples available on the Web page.
JWM is a small floating window manager with task bar that is written in
C and configured using a single XML file. The default presentation is
usable, but the icon paths are not adapted for use on OpenBSD. My
.jwmrc is default with a few very small tweaks mainly to the menu for
new programs. On OpenBSD the default .jwmrc file is located at
/etc/system.jwmrc and at /usr/local/share/examples/jwm/system.jwmrc
for some reason.
.Xresources file to customise xterm and other applicationsThe .Xdefaults
file is used to change font and colour settings and to determine the
style of the Xterm terminal. My .Xdefaults file is quite long, I like true-type
fonts in my terminal like in Firefox and Leafpad so I specify those. I
also like scrolling and a light on dark colour scheme. There are much
more minimal .Xdefaults files around.
OpenBSD running an X Windows session has hinting and sub-pixel rendering
available by default as the patent issues have been resolved. I have
added extra symlinks in my /etc/fonts/conf.d directory as follows...
foo$ ls -l /etc/fonts/conf.d | cut -c 45-
10-autohint.conf -> /etc/fonts/conf.avail/10-autohint.conf
10-sub-pixel-rgb.conf -> /etc/fonts/conf.avail/10-sub-pixel-rgb.conf
11-lcdfilter-default.conf -> /etc/fonts/conf.avail/11-lcdfilter-default.conf
My .Xdefaults file has some Xft specifications and jwm is compiled with Xft support...
foo$ cat .Xdefaults | grep Xft
Xft.dpi: 96
Xft.autohint: 0
Xft.lcdfilter: lcddefault
Xft.hintstyle: hintslight
Xft.hinting: 1
Xft.antialias: 1
Xft.rgba: rgb
/etc/hosts to block unwanted Web addressesSee man resolv.conf.tail especially the description of the lookup keyword.
OpenBSD's dhclient writes the nameserver address it receives into
/etc/resolv.conf each time I connect to WiFi. If I want to
use the /etc/hosts file as a way of blocking Web sites, I
have to add a /etc/resolv.conf.tail file. That file needs
to tell dhclient to look and the hosts file before using DNS to look up
the IP of a Web address. My /etc/resolv.conf file is
straight out of the handbook...
foo$ cat /etc/resolv.conf.tail lookup file bind
Popular lists of Web addresses to block such as the WinHelp hosts.txt can end up
with MS-DOS endings, so an extra carriage feed after the new line. Those
need removing before you copy the entries into /etc/hosts.
I used sed with in-place editing...
foo$ sed -i 's/^M$//g' ~/Downloads/hosts.txt
...the ^M represents a carriage return and has to be entered using
Ctrl-V, Ctrl M not simply by typing the characters. I append this file to the default /etc/hosts in base.
daily, weekly and monthly scripts and locateSee man locate and for instance man weekly.
The locate command can find any file on the computer very quickly by searching a database containing an index of all the files. The index is updated by running the /usr/libexec/locate.updatedb command as root which I do now and again. Commands in libexec are usually run by other programs and the directory does not appear in the search path.
OpenBSD base has a series of maintenance scripts that are timed to run daily, weekly and monthly if the computer is switched on 24/7. Desktop system users do not usually run these scripts. One of the things that /etc/weekly does is to run the locate.updatedb command. These commands also send email to root!
texlive-minimal from packagesSee ports information for texlive-minimal.
Texlive 2019 is available in packages. The huge installation is split
over various packages as revealed by pkg_info -Q
texlive...
foo# pkg_info -Q texlive texlive_base-2019p0 texlive_mktexlsr-2019 texlive_synctex-2019 texlive_texmf-buildset-2019 texlive_texmf-context-2019 texlive_texmf-docs-2019 texlive_texmf-full-2019 texlive_texmf-minimal-2019
Installing texlive_texmf-minimal-2019 brings the
binaries and buildset as dependancies and has been curated to give
similar functionality to tetex. And you get clisp
2.49 as a dependency. The whole thing takes around an extra 800Mb
in /usr/local.
Keith Burnett. Last modified: Thu Jul 2 20:51:24 BST 2020 | This is a Web page